1. Technical Field
The present invention relates generally to an improved data processing system and in particular to a method and apparatus for maintaining session states. Still more particularly, the present invention relates to a method and apparatus for handling session states over a distributed data processing system in which the protocol used is a stateless protocol.
2. Description of Related Art
The Internet, also referred to as an "internetwork", is a set of computer networks, possibly dissimilar, joined together by means of gateways that handle data transfer and the conversion of messages from the sending network to the protocols used by the receiving network (with packets if necessary). When capitalized, the term "Internet" refers to the collection of networks and gateways that use the TCP/IP suite of protocols.
The Internet has become a cultural fixture as a source of both information and entertainment. Many businesses are creating Internet sites as an integral part of their marketing efforts, informing consumers of the products or services offered by the business or providing other information seeking to engender brand loyalty. Many federal, state, and local government agencies are also employing Internet sites for informational purposes, particularly agencies which must interact with virtually all segments of society such as the Internal Revenue Service and secretaries of state. Providing informational guides and/or searchable databases of online public records may reduce operating costs. Further, the Internet is becoming increasingly popular as a medium for commercial transactions.
Currently, the most commonly employed method of transferring data over the Internet is to employ the World Wide Web environment, also called simply "the Web". Other Internet resources exist for transferring information, such as File Transfer Protocol (FTP) and Gopher, but have not achieved the popularity of the Web. In the Web environment, servers and clients effect data transaction using the Hypertext Transfer Protocol (HTTP), a known protocol for handling the transfer of various data files (e.g., text, still graphic images, audio, motion video, etc.). Information is formatted for presentation to a user by a standard page description language, the Hypertext Markup Language (HTML). In addition to basic presentation formatting, HTML allows developers to specify "links" to other Web resources identified by a Uniform Resource Locator (URL). A URL is a special syntax identifier defining a communications path to specific information. Each logical block of information accessible to a client, called a "page" or a "Web page", is identified by a URL. The URL provides a universal, consistent method for finding and accessing this information, not necessarily for the user, but mostly for the user's Web "browser". A browser is a program capable of submitting a request for information identified by a URL at the client machine. Retrieval of information on the Web is generally accomplished with an HTML-compatible browser. The Internet also is widely used to transfer applications to users using browsers. With respect to commerce on the Web, individual consumers and businesses use the Web to purchase various goods and services. In offering goods and services, some companies offer goods and services solely on the Web while others use the Web to extend their reach.
Internet workstations are connectionless-oriented socket clients or applications that connect to a server only long enough to retrieve an installment of data.
Once the data is retrieved, connectionless-oriented socket applications generally disconnect until the next data transaction is initiated by the client. Connection-oriented applications assume that the client maintains the connection to the server for the duration of the session. The client only disconnects when the session is being ended.
With connection-oriented applications, the identity and synchronization of both the client and server are known to both sides of the connection. Thus, it is taken for granted that the client is trusted and the data exchange is synchronized (in particular, the "current" or "active" application panel is known).
However, in connectionless-oriented applications, to which the Hypertext Transfer Protocol (HTTP) class of service belongs, this connection is not maintained, and thus the identity and synchronization of either the client or server, or both, may change unknown to the other side. This has the potential to result in "out-of-sync" data exchanges, and it is not known if the reconnecting client was the original session initiator. This could "break" an application or expose sensitive data to another, unauthorized client. Consequently, a need is present in the art to assure that once an application is started with a given web browser, another browser cannot come along and connect or "spoof" (that is, steal, or take over) that browser's connection and application.
HTTP is inherently a stateless protocol. As a result, a mechanism is used to keep the state for an application on a server. A common mechanism involves storing the session state for a fixed period of time. Typically, a daemon process checks the session state periodically. If the session state is older than a certain threshold, the session state is deleted. Problems are associated with such a mechanism in that if the threshold is too long, a security hole may occur. Alternatively, if the threshold is too short, the user must continually re-logon or reinitiate the session.
Therefore, it would be advantageous to have an improved method and apparatus for maintaining a session state over a stateless protocol, such as HTTP. It would be advantageous to have a method and apparatus to maintain a session state for as long as the user has the page up in the user's browser.
A method in a data processing system is provided for maintaining a session through a stateless protocol. A page is received from a source through the stateless protocol. Responsive to a display of the page in the data processing system, an indication is sent to the source through the connectionless protocol in response to a periodic event, wherein the indication prevents a termination of the session at the source.
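The following is an added illustration, not code from the patent itself, of the two mechanisms described above: the server-side store that a daemon sweeps for session states older than a fixed threshold, and the page-driven periodic indication that refreshes the session's timestamp so it survives for as long as the page is displayed. The class and function names (`SessionStore`, `heartbeat`, `reap`, `FakeClock`, `simulate_page_open_then_closed`) and the timing values are assumptions chosen for the example; a simulated clock is used so the run is deterministic and needs no real waiting.

```python
import secrets
import threading
import time


class FakeClock:
    """Constructed stand-in for time.monotonic() so the simulation runs instantly."""

    def __init__(self):
        self.t = 0.0

    def __call__(self):
        return self.t

    def advance(self, seconds):
        self.t += seconds


class SessionStore:
    """Server-side session state with a fixed idle threshold (hypothetical design)."""

    def __init__(self, idle_timeout_s, clock=time.monotonic):
        self.idle_timeout_s = idle_timeout_s
        self.clock = clock
        self._sessions = {}  # session id -> {"user": ..., "last_seen": ...}
        self._lock = threading.Lock()

    def create(self, user):
        # Unpredictable id: a reconnecting client must present it to be treated
        # as the original session initiator rather than an unrelated browser.
        sid = secrets.token_urlsafe(32)
        with self._lock:
            self._sessions[sid] = {"user": user, "last_seen": self.clock()}
        return sid

    def heartbeat(self, sid):
        """Handle the page's periodic indication; False if the session is unknown or already reaped."""
        with self._lock:
            state = self._sessions.get(sid)
            if state is None:
                return False
            state["last_seen"] = self.clock()
            return True

    def reap(self):
        """The daemon's periodic sweep: delete states idle longer than the threshold."""
        now = self.clock()
        with self._lock:
            expired = [sid for sid, s in self._sessions.items()
                       if now - s["last_seen"] > self.idle_timeout_s]
            for sid in expired:
                del self._sessions[sid]
        return expired

    def is_active(self, sid):
        with self._lock:
            return sid in self._sessions


def simulate_page_open_then_closed(timeout_s=60, heartbeat_s=20,
                                   open_for_s=120, closed_for_s=120):
    """Return (session survived while the page was open, seconds after closing at which it was reaped)."""
    clock = FakeClock()
    store = SessionStore(timeout_s, clock)
    sid = store.create("alice")  # constructed user

    # Phase 1: page is displayed, so the browser sends an indication every heartbeat_s.
    survived_while_open = True
    elapsed = 0
    while elapsed < open_for_s:
        clock.advance(heartbeat_s)
        elapsed += heartbeat_s
        store.reap()                                   # daemon sweep
        survived_while_open &= store.heartbeat(sid)    # page refreshes the state

    # Phase 2: page closed, no more indications; the sweep eventually removes the state.
    reaped_at = None
    elapsed = 0
    while elapsed < closed_for_s and reaped_at is None:
        clock.advance(heartbeat_s)
        elapsed += heartbeat_s
        if sid in store.reap():
            reaped_at = elapsed
    return survived_while_open, reaped_at


if __name__ == "__main__":
    print(simulate_page_open_then_closed())
```

With a 60-second threshold and a 20-second heartbeat, the state is never older than 20 seconds while the page is up, so the sweep leaves it alone; once the page closes, the first sweep at which the idle time exceeds 60 seconds (80 seconds later, at the chosen granularity) removes it. The heartbeat interval must be comfortably shorter than the threshold, or a single delayed indication will log the user out.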